Open kedare opened 3 weeks ago
It may be interesting to do also a second PR to allow the service accounts to be listed in the "Add members" part, but as it's managed by the Keycloak API I guess it's more a frontend modification ? (Not really something I know well)
We'd need to make sure any upstream users of this method aren't expecting it to be filtered. I know that the APIs assume that service accounts will not be returned/counted.
Should it then be a new API endpoint or a parameter on the endpoint ?
It should be a parameter that defaults to not showing/including them so that calling them as now produces the same result.
Any preference for the name of the parameters ? Something like includesServiceAccounts
? I will put the same filter on the API endpoint directly based on this conditional.
How should we do for the keycloak API endpoint used to display the list of users that can be added ? Likely it would be a frontend change instead ?
Any preference for the name of the parameters ? Something like includesServiceAccounts ? I will put the same filter on the API endpoint directly based on this conditional.
includeServiceAccounts
How should we do for the keycloak API endpoint used to display the list of users that can be added ? Likely it would be a frontend change instead?
You would need to extend Keycloak to do that.
This should be ok with this updated endpoint ?
For the frontend part I guess I should update this ? https://github.com/p2-inc/keycloak/blob/23.0.1_orgs_admin_ui/js/apps/admin-ui/src/phaseII/orgs/useOrgFetcher.ts#L169-L181 Should I get the service accounts by default on the frontend part ?
I took a look at the keycloak source code also to add the same parameter to the users endpoints but no luck so far finding where to add is, the code structure is much more complex.
Fixes #163
Update the
https://{instance}/realms/{realm}/orgs/{realm_id}/members/
endpoint to allow listing service-account users (removing the filter condition that would hide them)Before:
After:
The service user will also appear in the admin UI on the members list
This did not impact the tests, it looks like this part is not covered by unit testing ?